Fix handling of OpenSSL 3.2.0 new error message "record layer failure" (

#3405) Co-authored-by: Ruben Laguna <[email protected]> Co-authored-by: Ruben Laguna <[email protected]> Co-authored-by: Seth Michael Larson <[email protected]>
urllib3 · Jun 17, 2024 · 29cfd02 · 29cfd02
1 parent b600643
commit 29cfd02
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/changelog/3268.bugfix.rst b/changelog/3268.bugfix.rst
@@ -0,0 +1 @@
+Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS.
diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py
@@ -768,7 +768,9 @@ def _is_ssl_error_message_from_http_proxy(ssl_error):
  # so we try to cover our bases here!
  message = " ".join(re.split("[^a-z]", str(ssl_error).lower()))
  return (
- "wrong version number" in message or "unknown protocol" in message
+ "wrong version number" in message
+ or "unknown protocol" in message
+ or "record layer failure" in message
  )
 
  # Try to detect a common user error with proxies which is to

diff --git a/test/with_dummyserver/test_socketlevel.py b/test/with_dummyserver/test_socketlevel.py
@@ -1223,7 +1223,8 @@ def socket_handler(listener):
  self._start_server(socket_handler)
  with HTTPSConnectionPool(self.host, self.port, ca_certs=DEFAULT_CA) as pool:
  with pytest.raises(
- SSLError, match=r"(wrong version number|record overflow)"
+ SSLError,
+ match=r"(wrong version number|record overflow|record layer failure)",
  ):
  pool.request("GET", "/", retries=False)